Secure interactive digital system for displaying items to a user identified as having permission to access the system

ABSTRACT

Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. A feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records and identify a user not physically present at the client computer. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, requests for information are entered from remote terminals, the system being able to respond to multiple user requests simultaneously, and the information requested is recalled and downloaded for review to be displayed at the remote site.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation of application Ser. No. 11/493,884 filed Jul. 26,2006, which is a continuation of application Ser. No. 09/846,933 whichwas filed on May 1, 2001 which was a continuation-in-part of applicationSer. No. 08/205,885, filed Mar. 3, 1994; now abandoned; Ser. No.08/393,493, filed Feb. 24, 1995; Ser. No. 08/410,318, filed Mar. 24,1995; now abandoned; Ser. No. 08/453,393, filed May 30, 1995, issuingOct. 26, 1999 as U.S. Pat. No. 5,973,731; Ser. No. 09/020,456, filedFeb. 9, 1998, and Ser. No. 09/687,131, filed Oct. 13, 2000, thedisclosures of which are hereby specifically incorporated herein byreference.

FIELD OF THE INVENTION

The present invention relates generally to interactive secureidentification transaction systems for storing, retrieving, anddisplaying text and data compressed image files and communicating samebetween a centralized server computer and a plurality of client dataterminals located at remote sites, for the purposes of displaying itemsto a requestor, possibly not physically located at the remote terminal,only after verifying that the requestor is authorized to view the items.

BACKGROUND OF THE INVENTION

Various systems have been proposed for accessing text image informationassociated with catalog type sales, wherein each listed item isadvertised in the terms of desired quantities, qualities, and so forth.Updates to such systems are done on an occasional or seasonal basis, asnew products are added or older products are removed. While somesearching of the database may be possible, it generally is limited tothe different styles, colors, etc. of products manufactured in largequantities.

Systems also exist which support the sale of unique products or items,such as trucks having particular equipment, or persons having particularcharacteristics. One example of a system of this type is disclosed inBijnagte (U.S. Pat. No. 5,235,680), wherein the product is real estate.The system architecture of Bijnagte is limited to that of thehost-terminal, however, and all transactions, including picturescanning, are performed on an on-line, interactive basis. Images arelimited to 8-bit color and a maximum of sixteen in number, and arefurther limited in size to dimensions in pixels of 128×100(approximately ¼ screen at relatively low resolution), and datacompression is limited to approximately 2:1, which is characteristic of“loss-free” compression in which there is no actual reduction in theamount of data. In addition, only limited means are included to preventunauthorized access or modification of records.

Another related information system is disclosed by Sibley, Jr. (U.S.Pat. No. 4,677,552), in which commodity market bids are conveyed betweenremote terminal sites by way of local trade exchanges and satellitecommunication links. By their very nature, such products are not unique,and would not benefit from the use of image information.

Many identification systems are described in the art, and themethodologies of these approaches cover a wide range of techniques. Insome cases, a photograph of a subject or his fingerprint pattern isaffixed to an identification card, usually as part of a tamper-resistantassembly. In other approaches, various methods are employed for storingimage or password information in a magnetic stripe or in an opticallyencoded image or pattern that is physically part of the identificationcard. Still other approaches utilize a “smart card” having its ownsemiconductor memory and/or microprocessor capability for informationstorage. Each of these techniques is effective for specificapplications, but in each case the security carries a high cost, eitherin expense for the materials involved, the complexity of the assemblyprocess for the identification card, or the repetitive cost of applyingthe method to a plurality of individual identification cards utilizedfor different circumstances. In addition, since a major part of theidentification information is carried in the physical identificationcard itself, it is subject to tampering, alteration, or replication ifit falls under the control of an unauthorized user.

Accordingly, there is always a need for improvements in secureidentification systems, such as where a seller can communicate uniqueand or other proprietary business information only to buyers who areconfirmed as being authorized to view the information. Preferably, thesystem is interactive and the user may be identified even if notphysically present at the seller's transaction terminal.

An object of this invention is provision of a secure method andapparatus for transacting business between one or more buyers,simultaneously, at respective transaction terminals remote to and incommunication with the seller's central server computer.

Advantageously, such a system would enable products and services to bemade available to requesters, such as in a “home-shopping” environment,or subscribers, such as consumers who pay for access to sellerinformation, or bidders, such as in on-line buying-selling transactions.In addition, the system would provide for the control and management ofdata records and images representing items for sale or for referenceuse, including the ability to update or modify records already entered,using special computer software to provide controlled access to thesedata records.

SUMMARY OF THE INVENTION

The present invention provides a method of storing and retrievinginformation relating to unique products, services and/or individuals.The invention utilizes a client/server architecture applied to a centralrelational database, using advanced image data compression to providerealistic image rendition and rapid communication response time. Inaddition, image capture is performed on a non-interactive basis insofaras the central database server, so as to minimize server participationand communication costs.

All text and image data is processed within respective remote clientcomputers, permitting the central relational database to be rapidlyupdated in a single series of transactions. In one aspect, batchuploading is used. The remote computer may maintain its own localdatabase, however, so that images and text may be uploaded to thecentral computer on a selective basis, and added to the centralrelational database or included in listings published in videocassettes,optical or magneto-optical discs of any format, or other popularconsumer distribution formats, in accordance with U.S. Pat. No.5,973,731 and pending patent application Ser. No. 08/393,493, thespecifications of which are hereby incorporated herein by reference.Images may be stored as individual files or as “pages” within an imagecompilation file. All records and communications are protected bysecurity measures such as log-on verification, “Caller ID”, or dataencryption (whether hardware based or software based), so as to restrictaccess or modification of records to the “owners” of the individualrecords.

The system may make advantageous use of different image data compressionformats for the various users and sources. In one embodiment, a firstformat may be used for the locally stored images, a second format may beused for images transmitted from a remote site to the central computerdatabase, and a third format may be used for images transmitted from thecentral computer database to a remote site. As such, locally storedimages could not be transmitted or transferred by magnetic disc or othermedia to any other remote site unless routed through the centralcomputer, at which time the images are reformatted and retransmitted.

An additional feature is the inclusion of provisions for electronicmessaging, with or without association to particular files. For example,a customer could register a bid on a listed product, or a customersearching for a particular product not listed in the database couldleave a message so that another customer considering the possibility ofa sale might respond to that request. Furthermore, such bidding may becarried out on a live or an interactive basis, facilitating an on-lineauction. Alternatively, electronic messaging may be directed towardsindividuals listed in the database, or those customers who might wish tocontact other customers on a confidential basis.

A further feature is the inclusion of provisions to implement a hardwaresecurity key (commonly referred to as a “dongle”) in which securityinformation is included. Such security information may includepasswords, database connection information, control of available programfeatures specific to a particular client, or other suitable information.

Although in one embodiment the system uses a single, central computersite in conjunction with a plurality of remote computer sites, it may beadvantageous to organize the central computer system as a network ofregional computers, each servicing a subset area of a particular remotecomputer site. These regional computers would be connected throughdedicated communication links, to reduce local telephone call costs andfor redundancy in case of natural disasters or accidents.

Further, the present invention overcomes the limitations of theidentification systems of the prior art by utilizing a separate,centralized database to store data-compressed images of the subjectindividuals or items, and subsequently downloading the data-compressedimages to local data terminals, on demand, at the time of theidentification event or transaction. Because the image information isnot stored within a user's identification card itself, it is not subjectto alteration or replication by an unauthorized user, and the use ofencryption techniques makes the image information useless if the datasignals are intercepted. In addition, a plurality of identificationcards or customer accounts may be associated with a single image, as,for example, all of the credit cards owned by a single individual, orthe separate checking and savings accounts for an individual. In thecase of a credit card, images for both a husband and a wife could beassociated with an individual card or a plurality of cards; similarly,an image for a child having authorization to use a card could beassociated with that card, and, if desired, could be assigned adifferent credit limit. The images may include a copy of the authorizedsignature, or the signature may be provided as a separate image file,which then could be used by the transaction terminal to compare to ascanned image of the signature on the authorization slip or the input ofa “pen” computer or pressure-sensitive pad. Additional information, suchas the Social Security Number or the mother's maiden name for thecardholder may be used to augment these security measures.

In cases in which a user is to be identified although he or she is notphysically present at the transaction terminal, as, for example, whenproducts are ordered by telephone using a credit card, the terminaloperator would be able to accomplish a partial identification by usingthe image to compare the physical appearance in the image to the detailssupplied by the customer in response to operator questions.Alternatively, the customer could choose a distinctive image (serving asa “token”), such as a corporate logo or a picture of an animal or anitem having special significance as his confirmation symbol, and theoperator would expect the customer to validate his order by describinghis confirmation symbol. As a further verification, the customer couldbe required to key in a personal identification number (“PIN”) using histelephone key-pad, which then could be compared to the number stored inthe central database for each credit card; in an alternative embodiment,this PIN number could serve as the decryption key for the image filepresented to the operator. In the future, when videophones and the likebecome available generally, it will be possible to perform thisidentification process visually; in addition, the use of “pen” computerunits would allow a customer to transmit his authorization signaturedirectly to the transaction terminal. Many alternative methods ofconveying unique identification information, such as security keys,special identification card scanners, etc. are well known in the art.

As image recognition systems become more reliable, many of these visualidentification steps may be automated. In this case, it will bedesirable to provide video camera facilities at the transactionterminals, so that the image of the purchaser may be captured at thetime of the transaction. If desired, such an image could be uploaded tothe transaction computer to provide a record of the identity of thepurchaser in a particular transaction. Other images, such as (but notlimited to) physical characteristics, fingerprints, signatures,“tokens”, and so on, also may serve to memorialize the transactionand/or the identities of the participants.

In actual implementation, the image information may be relayed to thetransaction terminal through a central transaction computer, such asthose utilized by current credit card clearing houses. As analternative, the image database computer could serve as the gateway tothe central transaction computer, by relaying the financial informationto the central transaction computer. In this case, it would be somewhatless complicated to maintain a record of the image of the purchaser, asthis image database computer would be optimized for image handling andstorage.

At the remote transaction terminal location, it would be advantageous tointegrate the video display capabilities into a single unit which alsoprovided the data-input and cash-register facilities. Where this is notfeasible, an analogous data-communications path would be utilized, witha separate video display unit situated at the transaction terminallocation.

In some applications, it may be desirable to provide a local imagedatabase, as, for example, of regular customers at a particular retailstore. Although this reduces the level of security available, it wouldspeed communications and decrease the on-line time for the centralizedcomputer database. In addition, it would allow verification of theidentity of the customer, without the need to communicate with thecentral database computer. Furthermore, a local database may provideadditional data management capabilities, even if not all of theinformation related to the item resides within the local database: forexample, the local database may store an encrypted image, while thedecryption key is provided from the central database.

When implemented in a typical sales operation, image recordsrepresenting the individual products optionally may be stored in a localdatabase, such that as a product price tag is scanned at the check-outregister, an image of the product is relayed from the database computerto the check-out register transaction terminal so that theidentification of the product may be verified by visual comparison withthe image displayed on the transaction terminal, thereby confirming theaccuracy of the scan and preventing a customer from placing the pricetag of a less expensive product on a more expensive product that thecustomer wishes to purchase.

In a banking environment, an image of the customer at an ATM terminalcould be compared to a downloaded image to verify the identity of thecustomer. Several systems for automatic image recognition are presentlyavailable, with recognition rates varying from 95% to over 99%,depending on the strictness of the comparison. For in-person bankingtransactions, images of the subject person may be maintained in a localdatabase, optionally storing these images in encrypted form, with thedecryption key downloaded from the central database; this would enable ateller to verify the identity of a banking customer, by making the imageof that customer available on the transaction terminal screen. Inaddition, an image may be taken of the subject person(s) and/or theirsignature(s), fingerprint(s), or “token(s)” at the time of thetransaction, and associated with the transaction, in order tomemorialize the participants in the event; this image may be uploaded tothe central database computer and optionally stored in a separatetransaction database.

In a business environment, any type of legal document, such as acontract, may be secured by associating the document with a particularidentifying image, much in the same way as Notary Public procedures areemployed today. Images of the principals may be deposited in a specialimage archive facility, for later retrieval in the event of any dispute.

Transactions which do not involve a financial element may makeadvantageous use of the system as well. In a law-enforcementenvironment, a police officer that has stopped a suspect vehicle coulddownload an identification picture of the registered owner beforeapproaching the vehicle, thereby giving him the advantage of knowing inadvance the physical appearance of the presumed driver. For subjectstaken into custody, the identifying image would allow rapididentification of the individual, and would inhibit accidental releaseof a detainee due to errors in identification. For ImmigrationDepartment officials, downloaded images would allow verification of theidentity of subjects presenting passport credentials.

The original identification images would be entered from a bankinginstitution or a retail site of the entity issuing the identificationcard. After the subject image has been captured, using a still videocamera, a motion video camera, or a scanned photograph, the image isdata-compressed, encrypted, and transmitted to the central imagedatabase. Once it has been included in the image database, the image fora particular subject may be associated with as many differentidentification cards, credit cards, or customer accounts as desired, andmade available to any number of transaction computers, which may berepresentative of a plurality of independent transaction systems.Preferably, a scanned image of the signature of the subject would beincluded, and associated with the subject image file, along with anyother identification data, such as the Social Security Number or aspecial password.

In an alternative embodiment, the identification image may be stored inencrypted form within the identification card, with the decryption keyprovided from the central database computer at the time of thetransaction.

In a further alternative embodiment, a portion of the image may bestored within the identification card, with the remaining portionprovided from the central database computer. Either or both portions maybe in encrypted form, with decryption key or keys supplied from eitherthe identification card, or a local computer, or the central databasecomputer, or any combination of these options. One possible embodimentwould provide the decryption key for the local portion from the centraldatabase computer, and the decryption key for the portion provided bythe central database computer from the local source identification card.

In yet another alternative embodiment, the image may be stored on thecentral database computer in encrypted form, while the identificationcard provides the decryption key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting the hardware components foruploading image identification information in the preferred embodiment;

FIG. 2 is a block diagram depicting the hardware components fordownloading image identification information in the preferredembodiment;

FIG. 3 is a block diagram depicting one possible scheme for managing thevarious formats of image data compression utilized for local datasecurity and for the control of the transmission of images betweenremote sites;

FIG. 4 shows one possible layout of a screen display for an itemlisting, suitable for conventional television display units or for videorecording;

FIG. 5 shows an alternative layout of a screen display for an itemlisting, suitable for data entry or for the display of database scanresults, in this case customized for truck advertising;

FIG. 6 shows a further alternative layout of a screen display for anitem listing, suitable for data entry or for database scan results, inthis case customized for real estate; and

FIG. 7 shows yet another alternative layout of a screen display for anitem listing, suitable for data entry or for the display of databasescan results, in this case customized for use with records describingindividuals.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention takes advantage of computer networking,computer-based communication, client-server architecture, and relationaldatabases in order to implement a new and unique system for secureidentification and communication. Background information is availablethrough the Bijnagte (U.S. Pat. No. 5,235,680) and Sibley, Jr. (U.S.Pat. No. 4,677,552) references, and also through descriptions ofcomputer network operating systems (such as Novell NetWare, UNIX, orMicrosoft Windows NT-Server), for communications protocols (such asTCP/IP or IPX), or for communications links (X.25, ATM, ISDN, or T1/T3lines).

For the purpose of this disclosure, it should be understood that theterm “item” is intended to refer to any product (new or used), anyservice, or any person to be listed within the database of thisinvention, and for which or whom image information is available fordisplay based on a specific request. Broadly, the system may be used inconjunction with marketing activities, such as advertising theavailability for sale of automobiles, trucks, heavy equipment, vehicleparts, or real estate, or even regarding characteristics of individuals(though not limited thereto), wherein text and image information filesare stored in and retrieved from a relational database and an imagedatabase, respectively, and wherein a client computer site may conveybidding or other information related to such products to a centralserver computer.

In creating a database for such items, it is first necessary todetermine the various characteristics by which the individual items willbe searched or sorted. For products, this could include characteristicssuch as color, size, or style; for real estate, this could includelocation of the property or price range; and for people, the traitsmight include professional or career activities, medical or legalspecialties, age or even physical attributes. When these factors havebeen identified, a relational database may be created, by which thevarious items or people may be sorted in accordance with one or more ofthe predetermined characteristics.

Additionally, users (e.g., buyers, subscribers and the like) who are notphysically present at a transaction terminal that is remote to thecentral server computer can be identified by a salesperson or agent ofthe seller and a transaction authorized by comparison of an imageselected by the user (e.g., a “token” having personal significance knownonly to the user) with a pre-existing image of the token previouslyentered into the central database. The “token” image need not have anyvisible connection to the user being identified for a transaction; forexample, the image could be a picture of the family pet, a corporatelogo, textural information, or some kind of geometric pattern.

Another aspect of the secure identification system is the association ofmultiple images (as, for example, in the case of a husband and a wife,or parents and information files are stored in and retrieved from arelational database and an image database, respectively, and wherein aclient computer site may convey bidding or other information related tosuch products to a central server computer.

In creating a database for such items, it is first necessary todetermine the various characteristics by which the individual items willbe searched or sorted. For products, this could include characteristicssuch as color, size, or style; for real estate, this could includelocation of the property or price range; and for people, the traitsmight include professional or career activities, medical or legalspecialties, age or even physical attributes. When these factors havebeen identified, a relational database may be created, by which thevarious items or people may be sorted in accordance with one or more ofthe predetermined characteristics.

Additionally, users (e.g., buyers, subscribers and the like) who are notphysically present at a transaction terminal that is remote to thecentral server computer can be identified by a salesperson or agent ofthe seller and a transaction authorized by comparison of an imageselected by the user (e.g., a “token” having personal significance knownonly to the user) with a pre-existing image of the token previouslyentered into the central database. The “token” image need not have anyvisible connection to the user being identified for a transaction; forexample, the image could be a picture of the family pet, a corporatelogo, textural information, or some kind of geometric pattern.

Another aspect of the secure identification system is the association ofmultiple images (as, for example, in the case of a husband and a wife,or parents and children) with a single record, or of multiple accounts,ID cards, or PIN numbers with an individual image or multiple images. Inpractice, an association may be established between any number of imageshaving some defined relationship with each other and any number of datarecords having some defined relationship with the images.

Turning now to the drawings, FIG. 1 shows the organizational structureof a typical remotely located client computer forming part of aclient/server system architecture in accordance with the invention. Atthe option of the system designers, a personal computer 2 maintains, onits disk storage facilities, a local database 4 of items or people to belisted within the system. As these items, products, or people areidentified, the characteristics of each are entered into the localdatabase, employing conventional user interfaces such as the keyboardand “mouse” (not shown) provided with the personal computer.

Image files related to these items are then associated with the items inthe database record, using the photographic image scanner 6 or thedigital still-video camera 8. Other possible sources could includeanalog, still or motion video sources 10, which would provide signals tobe digitized by a digitizer-plug-in-board installed within the PC (notshown), or digitized video signal materials provided from other sources.After the images have been input to the PC, they preferably aredata-compressed for storage on the internal hard-disk provisionsincluded with the PC, at the option of the system designers; thisprocess is discussed in further detail below.

For convenience, a printer 24 is provided to prepare hard copies of thesubject images, including associated images such as the scannedsignature of the subject, with or without additional text information.In addition, the printer may be used to provide a hard-copy record ofany transaction performed at the terminal.

In many cases, the image of a particular item or individual may bedeemed to be useful for local identification, and the manager or“controller” of the item may choose to keep the item within his localdatabase rather than to list it on the central database, therebyproviding information for local use or to decrease the duration oftransactions by eliminating the need to download the image of a subject.In this case, no further steps will be required, as there is nocommunication with the central database computer. However, if the itemis to be listed on the central database, the following steps areexecuted.

The client PC 2 is equipped with a modem 12 for data communication tothe central database computer over telephone lines 14. Typically, thismodem will be capable of operation at least at 14.4 KBaud; however, 56KBaud or faster modems, connections utilizing the Internet, dedicatedcommunication links, ISDN (Integrated Services Digital Network), or DSL(Digital Subscriber Line) communication links may be implemented, withprogressively higher performance. This communication link 14 isconnected via one of a plurality of available modems 16, or byappropriate communication link, to a network-remote-node communicationsserver 20. Hardware to effect this type of communications-link at thecommunications server site is readily available from manufacturers suchas Digi International or USRobotics.

As an alternative to modem 16, connection to this communications servermay be achieved via a wide-area-network (WAN) access provider, such asan Internet access provider, through appropriate network gatewayhardware 28. In such a case, the gateway communications link 29 may beimplemented via ISDN or DSL lines, dedicated communications lines, T1/T3service, or satellite links. In alternative implementations, the networkgateway hardware and communication link may be implemented at adifferent point in the server site, such as in a device directlyconnected to the local network bus 50 (described herein below) or asinterfaced directly to the database file server 30 (described hereinbelow). Where a network of server sites is implemented, thiscommunication link, or a separate similar link (not shown), would enablethe various server sites to communicate with each other, or with othercomputer facilities outside of the network. In practice, a plurality ofcommunications servers may be required at each site, depending on thecapabilities of the communications server hardware 20, the number ofsimultaneous active clients to be served, and the type of communicationlinks established by the clients.

Upon log-on by the client PC, the communications server 20 preferablyfirst authenticates the user by way of known security measures includedin typical multiple-access computer systems, and optionally may alsoverify the Caller ID signal transmitted by the telephone system, ascurrently available in most communities throughout the United States.Alternatively, the communications link path may include a “securityhost” computer 18, such as the model ACM 400 offered by SecurityDynamics, interposed between the modem 16 and the communications server20. This computer checks for the presence of a particular hardwaresecurity key installed at the client PC, as further described below inreference to FIG. 3. Upon authentication, any updates in softwareoptionally may be downloaded automatically to the client PC. In somecases, it may be necessary to check the client PC to confirm thepresence of certain hardware, or to verify that a correct version ofsoftware is currently in use. This may be determined by way ofspecialized systems management software available for many networkoperating systems, or by programming the client PC to automaticallyprovide this information to the communications server as part of thelog-on procedure.

The communications server 20 is connected to a local network bus 50,which may be implemented using any of the many well known networkingarchitectures, including Ethernet, Fast-Ethernet, or Token-Ring. Alsoconnected to this network bus is the database file server 30, whichmaintains the database records and manages the image storage processes.The database file server is equipped with a Random Array of InexpensiveDisks (RAID)-based mass-storage system 32, which holds all the datarecords in the central relational database 38.

In addition, this server system includes a tape-drive back-up unit 34,and optionally may include provisions for an optical-disc “jukebox” unit36 to extend data storage capabilities. Networks of this type arecompatible with various operating systems, including UNIX, NovellNetWare, or Microsoft Windows NT-Server, although the system selectedshould support access for multiple remote clients.

Images associated with the relational database 38 are stored on an imagefile server 40, also connected to the network bus 50. This file serveris equipped with a RAID-based mass-storage system 42, which holds allthe image records in the image database 48. In addition, the image fileserver 40 is equipped with a tape-drive back-up unit 44, whichoptionally may include provisions for its own optical-disc “jukebox”unit 46 to extend image storage capabilities.

For data entry, the descriptive records for the specific items arestored in the relational database file server 30, while the associatedimages are uploaded for storage on the image file server 40. Inoperation, the storage locations of the associated image files managedby the image file server are referenced by the database file server, andprovided as requested by the client through the communications server20. The actual images may be stored as “pages” within an imagecompilation file, and may include one or more “thumbnail” orreduced-size images, which may or may not be illustrative of particularfull-size images, and which may be transmitted quickly to give anover-view of the item.

Alternatively, the images could be organized with a primary image file(with or without an associated reduced-size image) and one or moresecondary image files containing multiple image pages, with or withoutreduced-size images. In the latter situation, the user typically wouldfirst request the download of the primary image file for an item, andthen, if desired, would have the option of also downloading one or moreof the secondary image files, in order to obtain further informationabout that particular item. In the case, for example, of multiple imagesassociated with a single identification record (such as images of aspouse, or of children), the identification card optionally may containdata which directs the image server to retrieve a specific image orimages from the set. In this way, a single credit card account for whichseparate cards have been issued to a spouse and two of the childrenwould, in the authentication process, result in the retrieval of theimage that relates to the specific card. Therefore, the “spouse” cardwould be associated with the “spouse” image, while the “Child #2” cardwould be associated with the “Child #2” image. As an alternative, asingle image, for example, showing all of the children, could serve asthe identification image associated with the individual cards for eachof the children.

All data files and images files may be held in the active (RAM) memory,or off-loaded to the local hard-drive of the client PC, so that they maybe reviewed and compared by the operator as desired, without furthercommunication activities. In client PCs having multi-taskingcapabilities, the downloading process may continue as a background task,while the operator examines the material that has already been receivedand, as necessary, decrypted, as a foreground task. In this way, theoperator need not wait until all of the data has been downloaded beforebeginning the examination of the materials transmitted.

In a typical operation, the client will provide (i.e., upload)information relating to specific items, which are identified and thenstored by the database file server 30. Based on the items stored by thedatabase file server 30, the client then may request that selectedimages be uploaded to the image file server 40. The client may thenrequest-selected images to be downloaded from the image file server ordescriptive information to be downloaded from the relational database orboth. If the list has a small number of items, the user may choose toview all of them in some sequential manner; but if the number of itemsis large, the user may instead be prompted to select the item records tobe retrieved, or to refine the search criteria further so as to be moreselective. This technique allows each of the systemcomponents—communications server, relational database file server, andimage file server—to be optimized for its specific application.

However, depending on the particular application, database size, andcommunications traffic, one or more of these functions may be combined,such that in some cases a single server system may provide all of therequired functions; this could include both the database file serverfunction and also the image file server system, such that both kinds ofdata optionally may be stored in the same database, or even within thesame record. In other cases, multiple servers may be required for one ormore of these functions, each of them connected to the local network bus50.

In one aspect, the descriptive records for the specific items, which arestored in the relational database file server 30 may be independentlyretrieved while the associated images remain in the image file server40. Likewise, images which are stored in the image file server 40 may beindependently retrieved while the associated descriptive records remainin the relational database file server 30. This is distinct from theprior parent Application, wherein only both textual and image, or textalone, could be retrieved.

It is anticipated that in some cases the client PC will not have therequired windowing capabilities, and will only process textual infoination. In these cases there will be no uploading or downloading ofimages to that client, and all database services will be confined to therelational database file server; however, textural information (such asa description of a “token”) may be included, for upload and download totext-based client PCs. In some applications, it may be necessary tocontrol the access to the databases, so that clients may upload itemsfor inclusion into the database, but downloading to clients isprohibited or restricted to specific clients (such as governmentauthorities or police units) for reasons of security or privacy, asdiscussed herein below.

The steps involved in an identification event or transaction will beunderstood with reference to FIG. 2. In many respects, the systemarchitecture is equivalent to that of FIG. 1, except that the flow ofimage file information generally is in the opposite direction. It willbe appreciated that many of the details of the data communications andsystem architecture will function in identical ways, and therefore thereader is referred to those discussions herein above. In a typicalidentification event, a subject will present an identification card(I.D. card) for verification at the event site. The actual scanningdevice 106 may be implemented as a magnetic stripe reader, opticalreader, or pattern recognition unit. This scanning device will retrieveidentification information from this I.D. card, which is representativeof the subject, and communicate it to the transaction terminal 102. Inpractice, this unit may be as simple as a credit card reader, or ascomplex as a PC, which is part of a sophisticated computer network. Forthe purpose of this discussion, the function of the transaction terminalwill be explained with the understanding that it is a remote client PCconnected to the central database server.

The remote client PC 102 may be utilized as part of a product UPC-codescanner or optical character reader system that interprets product tags.As an option, a local database 104 may be maintained on this PC, suchthat when a particular product tag is scanned, an image of the correctproduct item is presented on the video display 124. In an alternativeimplementation, this database would maintain identification images ofthe subjects, such as images of regular customers at a bank or retailstore. When any input of product information has been completed, theprimary identification event or transaction may be effected. In abanking environment, this could be part of a financial transaction, suchas an account deposit or withdrawal; in a retail operation, this wouldcorrespond to a credit card transaction or a payment for goods by check.When the I.D. card is scanned, the information is communicated throughthe modem 112 to the telephone line or communications link 114 and on toone of a plurality of modem units 116. As explained herein above, thesystem optionally may include a security host computer 118 interposedbetween the modem 116 and the communications server 120.

The communications server 120 is connected to a local area network 150,typically implemented using one of several forms of Ethernet. Alsoconnected to this network bus is a transaction file server 130, whichmaintains a transaction database 138 containing information used toidentify any verification passwords and the storage locations of theassociated image files. This transaction file server is equipped with aRAID-based disk storage unit 132 and a tape drive 134 for data back-up.As an option, this server also may be equipped with an optical-disc“jukebox” 136 for additional storage capacity.

Images associated with the relational database 138 are stored on animage file server 140, also connected to the network bus 150. This fileserver is equipped with a RAID-based mass-storage system 142, whichholds all the image records in the image database 148. In addition, theimage server is equipped with a tape-drive back-up unit 144, whichoptionally may include provisions for its own optical-disc jukebox unit146 to extend image storage capabilities.

In response to an identification event or transaction, the client PCwill download information related to the subject, which previously hasbeen stored on the database file server. In addition, the client thenmay download selected images from the image file server, including bothidentification images and also associated images, such as images of thesignature of the subject. In an alternative embodiment, access toindividual images may be restricted to specific clients; for example,one client may only be permitted to retrieve one or more identificationimages, but not be authorized to retrieve some of the associated images,while another client may be authorized to retrieve all images.

This technique allows a single server system to provide all of therequired functions. In other cases, multiple servers may be required forone or more of these functions, each of them connected to the localnetwork bus 150. In addition, depending on the overall architecture ofthe system, the various communication servers 20 and 120, and fileservers 30, 40, 130, and 140, may be combined or separated as necessaryto match the demands of the communication load, convenience, economy, orthe like.

FIG. 3 shows the inter-relationship between the various file formats forimages stored locally at client PCs, transmitted to or from the serverimage database, or transmitted between remote client sites. In FIG. 3,solid lines show compatible image file transmissions, and dashed linesshow incompatible image file transmissions.

A client PC, shown generally at 60, optionally may maintain a localdatabase 62, which includes image files associated with particularitems. These files are encrypted by any of several available techniques,including commonly utilized formats for data encryption or by custommodification or encryption of the file header information so as to linkthe files themselves with the password character sequence containedinside a hardware security key.

The security key is particular to each user. Such security key, whichmay be a “dongle” or any other suitable security key as is well known inthe art, includes information such as passwords, database connectioninformation, or control of available program features specific to aparticular client. The security key may contain some or all of thefollowing information as follows: local PC identification, user name andpassword for access to the central computer database, informationnecessary to complete communication to the file servers.

In typical usage, this hardware key consists of a limited number ofstorage cells in an EEPROM, which have been programmed with a uniquesequence of characters. Only a computer having this particular securitykey attached to the parallel interface connector is able to decrypt theimage files and reconstruct the image; this encrypted format isdesignated as the “L” or “Local” format for the purposes of thisdiscussion. This security also may be used to control the permissionsfor access to the network server computers, to uniquely identify theclient-PC station, or to provide information (possibly including dial-uptelephone numbers or TCP/IP network address settings), which may beneeded to complete the communications path.

In practice, the actual data compression methods employed could includethe industry standard JPEG format, Lead Technologies “cmp” format,Iterated Systems “fractal compression”, “wavelet compression”, or otherproprietary or commercially available techniques. Compression ratios onthe order of 30:1 or more preferably are employed, thereby producingimage files of approximately 10 KBytes or smaller in size. It would beparticularly advantageous to utilize a compression technique which isresolution-independent such as fractal compression) which produces verycompact image data files that may be re-sized to match the video displayinterface hardware in the client PC. In addition, selected image files64 to be uploaded to the image file server and designated as “T” or“Transmitted” format are created by modifying the internally storedL-format files, utilizing formatting methods similar to those discussedabove for encrypting without hardware security keys.

Alternatively, the use of “public” keys with “private” keys may beimplemented, as well established in the art of secure encrypting of datatransmissions, and following standards such as the DES (Data EncryptionStandard) developed for the U.S. Government, or the MD5 system offeredby RSA Security, Inc.

Similarly, image files 66 downloaded from the image file server 40 areencrypted in “R” or “Received” format, which may be distinct from eitherthe “T” format or the local “L” format. These files are decrypted uponreceipt, and may be converted into the normal L-format utilized for thelocal client PC database.

A second client PC is shown generally at 70. This second client PC alsomay maintain a local database, but, because of the security techniquesdescribed herein above, the image file storage format is distinct fromthe format of the first client PC, and is designated as L*. In addition,the second client PC has provisions for uploading, downloading, andconverting image files in the R and T formats described in reference tothe first client PC or the remote PC may be provided facilities fordecrypting the “R” format.

In another aspect, some combination of formats may have the sameencryption, which would no longer necessitate some or all of thediffering decryptions and conversions as previously described.

If an attempt is made to transmit or transfer a file directly from oneclient PC site to another (or to a client PC not legitimately a part ofthe system), the images will be unusable, because the L-format imagescannot be decrypted by an L*-format client PC, or any other PC whichdoes not have the proper hardware security key, and the Client PCs maynot have provisions for converting T-format images into usable form. Inorder to allow files to be exchanged and viewed by other client PCs orusers, the image file server, shown generally at 80, may perform thisconversion step, or alternatively the transmitting PC as part of theupload process may perform this step. Image files uploaded by client PCsin T-format are received at step 82, and may be converted at step 84 tothe R-format.

At this time, files optionally could be converted from one image datacompression scheme (for example, by LEAD Technologies) to a differentimage data compression scheme (for example, fractal compression byIterated Systems) to save local storage space and communication costsand time during image downloading procedures. In many cases,sophisticated hardware-assisted image processing (such as the step offractal image compression) is expensive to implement on a client-PC-widebasis, but would be economically feasible at a central database site. Atstep 86, the R-format image files may be transmitted to any other clientPC site on the network It should be understood that the image files maybe stored in T-format and converted at the time of transmission, orconverted to R-format at time of receipt and storage; alternatively, thefiles may be stored in a third format which may be incompatible witheither R- or T-format files. Further, the files may be converted toeither the R-format or this third format by the transmitting PC 60 atthe time the files are uploaded to the server, rendering it unnecessaryfor the server to perform this step.

FIG. 4 illustrates one possible format, arranged for use with avideo-television display, for the automatic, sequential display ofselected item information and associated images retrieved from eitherthe local item or central item databases. The standard VGA-format screendimensions of 640 pixels (horizontal) and 480 pixels (vertical) areshown generally as 100. Within the screen display 100 is an imagedisplay area, indicated as 102. This area may contain one or more imagesfrom a variety of sources. If a still video camera by Dycam, Inc. hasbeen utilized to accumulate images, this image area will be completelyfilled by the camera output image.

A separate area 106 may be utilized to show item identificationinformation, such as manufacturer name, manufacturer logo, regionallocation, or additional image information. An area 104 is designated fortext information to describe the product. Associated text and imageinformation is sequentially displayed, in accordance with thepredetermined sequence, in which an image may correspond to any numberof text files, or a text file may correspond to any number of images. Aseparate index counter displaying alphanumeric information at the area108 enables the viewer to identify individual items within the program.In order to assure that the “safe-action-area” is visible onconventional television receivers, space has been left unused at thesides and bottom of the screen. These sequentially displayed iteminformation screens may be recorded locally, simply by connecting a VGAto NTSC scan converter (not shown), such as the HyperConverter unitmanufactured by PC-Video Conversion Corporation, to the PC-displaymonitor output, and the resultant scan converted NTSC or PAL formatvideo signal from the scan converter to the video input of a VCR (notshown).

The data entry process may be explained more fully by reference to FIG.5, which shows, by way of example, a screen configured to facilitate theinput of information describing a used truck. This particular displayscreen may be prepared using one of the many available softwaredevelopment programs, such as “Visual Basic” by Microsoft Corporation.Such development programs allow for the creation of a graphical userinterface (GUI) “front-end” for access to a relational database, andinclude provisions for a variety of specialized “controls”, such as“text boxes” and “drop-down list boxes”, which are integrated into thegraphical user interface (using a “mouse”) as shown.

The area 200 is designated for displaying an image of the subject item,which is assumed to be available in one of several possible formats. Ifthe image has been captured on a digital still-video camera from amanufacturer such as Dycam, Inc., Kodak, Sony, or some othermanufacturer, then it may be imported from the camera into the PC by wayof the serial data interface, using custom software. This software willimport the image, and then create a data-compressed version utilizingthe data-compression software selected, such as offered by LEADTechnologies or Iterated Systems. This data-compressed image will bestored in the local database, when data entry is completed and therecord information as shown is accepted by the operator, using the localencryption method selected, which may include modification of the fileheader to include a password, or utilize other well-known methods offile encrypting.

The remaining information shown on the screen may be inputted to thelocal relational database, and stored with references to any itemimages. In the particular case shown, the area designated as 220 (titled“Model”) has “drop-down list boxes” which list possible selections foreach of the illustrated categories, including “Manufacturer”, “BodyStyle”, and “Cab Style”. Simple “text boxes” are used to type in datafor the categories “Year”, “WB (Wheelbase)”, and “Color”. The areadesignated as 250 (titled “Drive Train”) has drop-down list boxes forthe “Engine” manufacturer, and the rear axle “Style”, along with textentry boxes for the categories transmission “Speeds”, engine “Hp(horsepower)” and rear axle “Ratio”. The area designated as 280 (titled“Suspension”) provides drop-down list boxes for the suspension type, themanufacturer and type of “Wheels”, and the “Tires”, with text. entryboxes for the categories “Front GVW (Gross Vehicle Weight capacity)”.The area generally designated as 300 has a drop-down list box for the“Condition” of the vehicle and text entry boxes for the vehicle“mileage” and “Price”. The area designated as 310 is a text entry box inwhich the operator may include any additional comments.

After completing the data entry of the information, the operator thenselects the necessary options for storage of the record in the localdatabase. At this point, any necessary encryption steps are completed,an item identification number is assigned by the computer and displayedin the item identification number text box, and, if desired, theoperator may choose to transmit the record to the central databasecomputer, as a single transaction or with additional records included ina batch transaction. When stored on the central database computer, anitem identification number is assigned for this centralized record,which may be different from the local item identification number.Another screen, similar in layout to that of FIG. 5, may be utilized todisplay records retrieved from the local database or from the centraldatabase.

The process of record retrieval from either the local database or thecentral database must be managed in different ways based on the resultsof any search. In order to perform this kind of search, the operatoruses the mouse to effect the display of the selected screen, and thenutilizes a procedure similar to the one described above with referenceto the input of a new record. In this case, however, all of theselections need not be identified nor available. For example, thevehicle manufacturer, engine, and transmission might be specified, butthe color left unrestricted, or the characteristics of the wheels andtires left unconstrained. The reader will appreciate that the greaterthe degree off specificity provided by the operator, the fewer thenumber of matches that will be found. Once the search criteria areidentified, the communication link to the central database computer maybe used, and the appropriate commands may be transmitted to the centraldatabase computer in the chosen SQL (Structured Query Language). Thecentral database computer identifies the records satisfying the searchcriteria, and notifies the client PC location of the results of thesearch. For a search limited to the local database, the same steps areperformed, except that no remote communications are required.

In one aspect, the display of the selection screen used in enteringinformation, or a first display screen of the requesting remote dataterminal, is the same as the display of the selection screen used indisplaying the de-compressed images along with textual information atthe requesting remote data terminal.

The next steps in the process will depend on the results of the search.If only a few matches are found, the operator may be offered the optionto have these records retrieved immediately. If, on the other hand, alarger number of matches is found, the operator will be presented with alist summarizing these records, from which the operator may select thoserecords which are to be retrieved. Finally, if a very large number ofmatches is found, the operator will be prompted to provide modificationsor additional restrictions to the search criteria, so as to furtherlimit the number of matching records, or, alternatively, the operatormay elect to retrieve all of the search records, or to receive a hardcopy of the list by way of a locally connected printer 24. If theoperator is interested in a particular item, instructions will beprovided for contacting the owners of products or the individualslisted.

From this explanation it should be clear how this technique may beapplied to a variety of products, in accordance with this invention.

As a further examples, FIG. 6 shows a display screen layout suitable fora database of homes or other real estate, and FIG. 7 shows a displayscreen layout suitable for a database of individual people, such aswould be utilized for registering children (e.g., to thwart abduction),for professional directories, or for personal introductions. In the caseof registration of children, access to the records would be restricted,so that the client PCs could add records to the central databasecomputer, but could not retain records in their local database, norsearch the records held in the central database computer. Those recordsin the central database computer would be available only to appropriategovernmental authorities, as directly controlled by the central databaseSystem Administrator.

A further alternative is available for specialized applications, such asthe tracking of missing children. Many pay-telephones, particularlythose located at airports and other travel related facilities, havevideo display capabilities, in anticipation of future “video-phone”applications. When not is use, these telephones typically are set toshow advertising screen displays encouraging customers to use thetelephone service. With data files and image files related to missingchildren being downloaded to these telephones when not in use, theimages could be stored in local memory provisions and sequenced in thesame manner as that utilized for the existing advertising screendisplays. To facilitate this application, the telephones would beconfigured with additional RAM memory, EEPROMs, or local hard diskdrives. In addition, data-compression software for the images would beadded, as well as optional facilities for converting the associated textinformation into voice information, to be made available through thetelephone handset. For these text information files, the data could betransmitted and stored as codes intended to facilitate local voicesynthesis by electronic means, thereby minimizing the amount of data tobe transmitted. Similar applications could be implemented at automatedteller machine (ATM) terminals, with the further addition of graphicsprocessing hardware and the optional addition of color screen displaycapability. The downloading of any necessary information may bescheduled to occur automatically during periods when the telephonedevice or ATM terminal is not in use.

By utilizing a system architecture in which records in a local databaseare selectively uploaded to one or more central databases, severaladditional features may be realized. First, it allows the user/managerof the local database to exercise an unusual level of control over thecontent of the information in one or more central databases, thedecision whether or not to update each of the central databases, and thetiming of the updating of the records to these central databases. Inaddition, it provides the user with the option to transfer ownership ofthe record in his local database to another user, for use in the seconduser's local database. The second user then has the option of uploadingthe record to one or more of the central databases, with anymodifications he chooses to include, so that the new ownership isreflected in these central database listings as well.

This “transfer” facility is particularly useful in the case of a userwho is a dealer, and who has several retail outlets for sales of hisproducts. Here, in addition to the local database and a main centraldatabase, there can be one or more “private” databases, which may belocated at the site of the main central database, or may be located at adifferent site which may be remote from the main central database; as analternative, these private databases may be physically located at sitesof individual users of these private databases. For each privatedatabase, records within the private database may be viewed only bythose specific members of the group (such as other outlets operated bythe same dealer) or other users (such as regular buying or sellingpartners) that have been granted permission to access this privatedatabase. In practice, a user may be a member of any number of privatedatabases, and a private database may have any number of members.

As an example, assume that User A has physical possession of the productin question, and has created a record in his local database. This recordthen is uploaded to a private database maintained for a group of whichhe is a member; if the user chooses to do so, the record may be uploadedto one or more of the central databases. If the product is relocated toa different user (for example, User B), then the custom softwareinstalled for User A can be used to effect the transfer: the softwareremoves or edits the existing record in any central databases, removesor edits the record in any private databases, and removes the recordfrom the local database. In practice, the data for the record may beplaced in a separate holding area within the main central database,until such time as the receiving user, User B, may download the data forthe purpose of creating a new record in his local database. Thistemporary record is identified in such a way that only the designatedrecipient of the transferred record may obtain access; this may be donesimply by adding an additional data field to the transferred record inthe main central database, and using this field to designate theintended recipient. When a user (such as User B) logs on to the system,he can make an inquiry to determine whether there are any records toretrieve, and if so, trigger an automatic process to obtain the data forthese records. User B can then use this retrieved data to create newrecords in the user's local database. At the same time, any relatedimages or data files (such as an Appraisal sheet for the specific item)may be retrieved, so that they may be associated with the new record inthe Local Database. After the record has been created in the LocalDatabase, the user has the option to add the record to one or more ofthe central databases and/or any of his private databases. In this case,any associated images or data files may be uploaded, as well.

In practice, multiple central databases may be established on the basisof their intended usage; for example, central databases may bedesignated to hold data for groups of dealers or affiliated salesoutlets, for items intended for inclusion in a specific publication,items intended to be listed on an Internet advertising site, for acentral listing or for a dealer-specific web site, for items intended tobe offered at an auction, or for other purposes.

In the case f items intended to be listed on an Internet site, thelistings may be managed remotely by the dealer that controls the localdatabase containing that item. Specifications, pricing, images, andother data related the item may be edited in the local database. Next,these changes are uploaded to the central database designated forInternet listings, and then these changes automatically will bereflected in the Internet listing as well.

The facilities described may also be utilized so as to implement aninteractive, on-line auction for the products displayed, in accordancewith the invention. In this case, one or more remote sites would displayproduct descriptions and images, including live video images of variousproducts offered for sale. At the remote sites, still-video images orlive camera signals captured by a video digitizer printed circuit boardinstalled in the remote PC, as described above, are transmitted to thecentral database computer. The central database computer, in turn,relays the descriptions and images to all other remote sites, which haveestablished communications links so that they may participate in theauction.

The architecture of the system includes provisions for managing localand remote database records and associated image and data files foritems offered on an auction basis. In addition, users who n ay or maynot be subscribers to the system may search through listings of productsto select items on which they may choose to bid. Access to the systemmay be provided by way of an Internet web site, or the user may beprovided with special software which allows only viewing, only posting,or both types of access to the listings. If a subscriber has uploadpeimission, then as the owner of an item offered, he may selectivelyupload products available for the auction, which, in turn, are bid uponby other participants. The participants' bids are recorded in a databasetable, with identification information which will enable the owner ofeach product offered to contact the high-bidder. If for any reason thehigh-bidder is unable to complete the transaction, then the productowner has the option of offering the product to the next higher bidder.The software for both the bidder and the product owner allows theviewing of the current high-bid information, and the bidders are givenvisual and/or audible signals to indicate whether their own bidrepresents the current high-bid. This notification may be obtainedsimply by periodically querying the database bid records to determinethe current high bid and then comparing it to the local records of bidssubmitted for various products or items to determine whether the currentbid value matches the last bid value submitted from the local user.Alternatively, the local user may make this determination by obtainingthe current high bid and comparing it to the bidder identification thatis associated with the entity that placed the current high bid. Afurther alternative would be for the central database computer or othercomputer associated with the central database computer to “broadcast”the latest bid information over the network connection, so that eachbidder would have updated information available to them. Once the highbid comparison has been executed, the local bidder may be notified ofthe status of his bids using audible alerts to any change in status, orby visual indication, such as color changes on the display, flashingtext, flashing rows in a grid, or flashing “window” borders, etc.

As a further option, according to this invention, items that have beenidentified from the central database computer may be offered for sale.When a participating remote client PC desires to enter a bid, this bidis relayed via the communications link 29 to the central computer, atwhich point the bid is made available to all of the other participatingremote client PC sites. When the bidding period has expired, the remotePC sites will be notified and the seller and the winning bidder-buyerwill receive confirmation notices.

It should be noted that within the context of this disclosure, the term“owner”, when referring to a product or item, should be construed tomean the person, subscriber, or user who controls the product or itemthat is to be listed or offered for sale, and may not be the entity thatactually has legal ownership of the product or item. Authorized agents,representatives, or interested third-parties may act as the “owner” inthis situation, but only in the sense that they “own” or control thedatabase records that are representative of the items or productsthemselves. Similarly, the term “bidder” should be construed to mean auser who has permission to access the database and system, and isauthorize to place bids on products or items listed for sale.

In order to facilitate the process of locating specific items desired bya user, various screen-based aids may be employed. For example, customsoftware may be utilized which guides the user through the selectionprocess by providing a series of choices designed to progressively limitthe number of items selected from the desired category. The choiceswould be based on identifiable criteria for the items in question, andwould be applied to a search of the item database.

As an example, consider a user who wishes to find a used truck havingspecific characteristics and available in a particular geographicallocation. The search process would be initiated when the user “clicks”on a link on a web page. At this point, the user would be presented withan array of options, such as geographical regions. After severalsuccessive selection steps, the location may be identified down to thestate or even city level. Next, the user would be presented with aseries of choices designed to identify the type of truck (tanker,flat-bed, etc.), the manufacturer, the engine and transmission, the ageof the truck, and the price range desired. At this point, a search ofthe database would be initiated, and the results displayed on thescreen.

The identification card would then, in addition to containing at leastone characteristic which is associated with the item, have a portion ofeach of one or more images associated with that item stored thereupon,with the remainder of the image(s) stored in a central database. Inother respects, the process would follow the steps previously disclosedherein above, except for the reliance on the image material from the twosources being integrated to form complete image(s), which then would beused, in conjunction with the descriptive text, to determine whether ornot to allow the transaction to be completed.

Based on the search, the user is presented with summary information foreach item found, including textual and/or image information. If an itemis selected, the user then is presented with additional information onthat item, including information on how to contact the owner of theitem. In an auction environment, the user may be invited to enter a bidon the item selected, in accordance with the system described previouslyherein. In addition, other similar or related items may be included inthe display.

In practice, the system would be implemented as some form of a “decisiontree” structure, wherein the selection process proceeds based on eithera pre-determined series of selections, on a series of selections whichmay be adapted based on the user selections (perhaps moving into anentirely different “tree”), or on a combination of these or othersimilar techniques.

In an alternative embodiment, a link can be used to lead a user to acustomized web page. For example, a user may be presented with a linklabeled “ABC Truck Sales, Inc.” When the user selects this link, asearch of the database is performed to find those products offered forsale by “ABC Truck Sales, Inc.” Based on the results of the search, acustom web page is constructed and displayed, thereby giving theimpression that the dealer has a web site, when actually the web pagefor this dealer, or other dealers, is created from customizinginformation specific to the dealer and from the results of the currentdatabase search. In this way, the actual web site is maintained by theprovider of the database service, and the user is presented with acombination of standardized web pages and pages customized for thedealer the user selected.

In an alternative embodiment, the security issue may be handled in adifferent manner, either by including a decryption key within theidentification credentials (such as a credit card magnetic stripe) toenable the local data terminal to decode a downloaded picture which hasbeen encoded to match that particular decryption key, or by includingthe encrypted picture in the identification card itself, in which caseonly the particular decryption key need be downloaded to the local dataterminal.

In another alternative embodiment, a portion of the image may be storedwithin the identification card, with the remaining portion provided fromthe central database computer. Either or both portions may be inencrypted form, with decryption key or keys supplied from either theidentification card or the central database computer. One possibleembodiment would provide the decryption key for the local portion fromthe central database computer, and the decryption key for the portionprovided by the central database computer from the local sourceidentification card.

Many possible applications in identification of people readily will beappreciated, including secure identification for credit card,check-writing, ATM, or other financial and retail transactions;identification for law-enforcement or Immigration-control agencies;identification of patients in a medical environment; and any activityfor which positive identification is essential, including thoseactivities for which Notary Public services currently are employed. Forretail applications, product images retrieved from a local or globaldatabase may be used by sales clerks to verify the pricing or attributesof a particular item, by making this information available atcheckout-cashiers' stations, or at customer service stations throughoutthe store. In addition, many of the human identification services to beperformed may be automated, using computer-based image recognitiontechniques, such as the Photobook system offered by Facia RecoAssociates, or the TrueFace system offered by Miros. Based on thestringency of the testing criteria, recognition rates for these systemsin different applications varying from 95% to 99.9% have been achieved.A further feature of the system is the ability to associate a singleidentification image with a plurality of accounts, transactions, orrecords, thereby reducing the data storage requirements for images.

In addition, multiple images may be associated with a single record oraccount, thereby providing additional identification images for thesubject item, or images of additional subject items to be associatedwith the same record, set of accounts, transactions, or subset ofaccounts.

1. A computer implemented method for allowing a transaction between acentral computer and a remote terminal connecting to the centralcomputer to occur, the steps of the method comprising: storing an imageat said central computer; storing at the central computer textassociated with said image; retrieving said image and said associatedtext from said central database to said remote terminal in response to acommunication and displaying them on a display device; and allowing saidtransaction to occur only after verifying that the image and associatedtext are the same.
 2. The method of claim 1, wherein the image is storedin encrypted form.
 3. The method of claim 1, wherein the associated textis stored in encrypted form.
 4. A method of providing secure interactivecommunication of textual information and image data between a centralserver computer and one or more client computer terminals, located atremote sites, for the purpose of storing and retrieving files, the stepsof the method comprising: storing text and/or one or more images at thelocation of the central server computer, with the images being incompressed form and the text being included in a relationship databasewith identifiers associated with any related data, wherein the storingof said data comprises capturing as the image to be stored the graphicalrepresentation of an object, the object being preselected by a user andserving as an identifier of said unique product, service, or individual;receiving and processing at the central computer requests foridentification confirmation received from at least one of the remoteterminals; recalling and downloading text and/or images satisfying thecriteria specified in the requests from the at least one of the remoteterminals to the requesting terminal for review, wherein the step ofrecalling includes using a communications channel to contact the remoteterminal for identification confirmation, and the step of downloadingincludes downloading the graphical image of the object; and using thetextual information and image data downloaded to the requesting terminalto identify the product, service, or individual to be identified,wherein the step of identifying the product, service, or individualincludes the user confirming that the object is the same objectpreviously preselected by the user.